One of the big announcements at VMworld San Francisco was about the new NSX network virtualization platform. We were pleased to jointly present a breakout session with VMware, featuring the integration of VMware NSX and our next-generation firewalls. But our work there also prompted some questions, such as how does NSX compare with SDN (software defined networking) and NFV (network functions virtualization)? And how does it impact network security?
SDN has a number of interpretations, but the architecture model is pretty straightforward. It is the separation and centralization of the control plane from the management plane along with the ability to support programmable flows, orchestrated by management systems. NFV meanwhile, abstracts physical networking components into software applications that can be run on off-the-shelf x86 servers using virtualization technology. This reduces equipment costs and power consumption, enables quicker delivery of services and offers the ability to scale up or down.
The challenge with NFV is that even though network functions are virtualized, you still need to configure a number of network devices as virtual machines. Network virtualization provides an abstraction of the virtual network from physical appliances via a high-speed physical switch fabric so that no physical rewiring is needed. The virtual network is a “container” of network services provisioned by software, very similar to a VM operational model (CPU, memory, I/O etc).
You can read more about the differences in these technologies in my most recent Security Week article. In a data center environment, where the goal of the enterprise is to support a secure, agile, dynamic environment with operational efficiency, network virtualization appears to provide the most benefits. Network services are decoupled from the underlying hardware, giving enterprises an opportunity to create virtual networks in software, and simplify operations.
It is this new, agile, data center environment where network security is even more important. You’ll need to consider how to safely enable applications and protect against new threats, while operating in this dynamic environment. How do you implement the concept of Zero Trust, where in Forrester Research’s definition you inspect and log every packet, and ensure appropriate access to all applications in the data center?
Please join us this Thursday, 9/19 for our joint webinar with VMware on “Zero Trust in the Software Defined Data Center” with special guest, Forrester Principal Analyst John Kindervag. We will discuss the security challenges in the software defined data center, how to implement Zero Trust principles and dive into details of our joint solution. If you missed our session at VMworld, this is your opportunity to learn more about evolving data center security challenges. Register for the webinar here. See you Thursday!